<?php
define("NFO2_PERMISSIONS", NFO2_DB_PREFIX."permissions");

	class permissions extends service {
		
		public function __construct(){
			context::get_service("session");
			
			if (isset($_SESSION) && isset($_SESSION["account"])){
				$query = "
						SELECT 
							".NFO2_PERMISSIONS.".*,
							".NFO2_MODULES.".name 
						FROM ".NFO2_PERMISSIONS." 
						LEFT JOIN ".NFO2_MODULES." 
						ON ( ".NFO2_MODULES.".id = ".NFO2_PERMISSIONS.".module_id ) 
						WHERE user_id = ".(int)$_SESSION["account"]["user_id"]."
				";
				$permissions = context::get("db")->fetch_array($query);
			

				$_SESSION["permissions"] = $permissions;
			}
		}
		
		
		public function allowed_module($module_name){
			
			$cfg = context::get("config");
			
			if (!$cfg["policy"]["auth"]){
				return true;
			}
			
			if (!$cfg["policy"]["restrict_permissions"]){
				return true;
			}
			
			if (isset($_SESSION) && $permissions = $_SESSION["permissions"]){
				foreach ($permissions as $permission){
					if ($permission["name"] == $module_name){
						return true;
					}
				}
			}
				
				
			return false;
		}
		
	}

?>
